Bug#876328: marked as done (asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008))
Your message dated Sun, 08 Oct 2017 12:02:51 + with message-idand subject line Bug#876328: fixed in asterisk 1:11.13.1~dfsg-2+deb8u4 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: asterisk Source-Version: 1:11.13.1~dfsg-2+deb8u4 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 21:07:18 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-dbg asterisk-config Architecture: source amd64 all Version: 1:11.13.1~dfsg-2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Debian VoIP Team Changed-By: Bernhard Schmidt Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dbg - Debugging symbols for Asterisk asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 876328 Changes: asterisk (1:11.13.1~dfsg-2+deb8u4) jessie-security; urgency=high . * CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) Checksums-Sha1: f7b53dc6d228b53434310ad18e01f1bf0358c44b 4050 asterisk_11.13.1~dfsg-2+deb8u4.dsc 4d883e90f48141c9975bf62764b8d14385e4982b 120088 asterisk_11.13.1~dfsg-2+deb8u4.debian.tar.xz bb28863222954ddbac903a747e7a606d688934bb 148 asterisk_11.13.1~dfsg-2+deb8u4_amd64.deb 1d42c8810cd55ddcecaf96d29b63f4b88e1d2ad5 2128016 asterisk-modules_11.13.1~dfsg-2+deb8u4_amd64.deb e0129c6f607c9b10a3c5c129ebc4ea7c312a7271 704006 asterisk-dahdi_11.13.1~dfsg-2+deb8u4_amd64.deb d40c6ed18fd4ca93fecad7dc9845b34ccc1ae781 508316 asterisk-vpb_11.13.1~dfsg-2+deb8u4_amd64.deb f93b6b4fffcc09062f6392d209dc35cbd58e345f 563946 asterisk-voicemail_11.13.1~dfsg-2+deb8u4_amd64.deb 504f11349882476129b6bec9e2bfac1fbebb 579936
Bug#876328: marked as done (asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008))
Your message dated Sat, 07 Oct 2017 11:47:08 + with message-idand subject line Bug#876328: fixed in asterisk 1:13.14.1~dfsg-2+deb9u2 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: asterisk Source-Version: 1:13.14.1~dfsg-2+deb9u2 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 21:26:19 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config Architecture: source Version: 1:13.14.1~dfsg-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian VoIP Team Changed-By: Bernhard Schmidt Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 875450 876328 Changes: asterisk (1:13.14.1~dfsg-2+deb9u2) stretch-security; urgency=high . * CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) * Fix one-way audio with chan_sip when transcoding (Closes: #875450) Checksums-Sha1: 2977c66a23be109bc4fbe53e5b85fc46638f63d5 4133 asterisk_13.14.1~dfsg-2+deb9u2.dsc 3970e2be900e02197c18a09a4e2b3590de5c9a5e 142904 asterisk_13.14.1~dfsg-2+deb9u2.debian.tar.xz 35a01eb8ebbe0158edae6e99bdb8af87e6437aa1 26743 asterisk_13.14.1~dfsg-2+deb9u2_amd64.buildinfo Checksums-Sha256: 2e507bdb0d01d9f6d4995aca883f93397c2109a0640e8e74d46fe510c7f0d091 4133 asterisk_13.14.1~dfsg-2+deb9u2.dsc fab80768a606e74b95c4ff4023b9374aebf3558f266c7df46627baacc68e51d3 142904 asterisk_13.14.1~dfsg-2+deb9u2.debian.tar.xz 4a62a738b59acf852d56826a1595963800cc01fe70ddad0656a41bca81ee1929 26743 asterisk_13.14.1~dfsg-2+deb9u2_amd64.buildinfo Files: 94f072e4715994f227382b8d5ad82ddd 4133 comm optional
Bug#876328: marked as done (asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008))
Your message dated Sat, 23 Sep 2017 19:35:06 + with message-idand subject line Bug#876328: fixed in asterisk 1:13.17.2~dfsg-1 has caused the Debian Bug report #876328, regarding asterisk: CVE-2017-14603: RTP/RTCP information leak (AST-2017-008) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 876328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: asterisk Version: 1:13.17.1~dfsg-1 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for asterisk. CVE-2017-14603[0]: followup-to AST-2017-005: RTP/RTCP information leak If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-14603 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603 [1] http://downloads.asterisk.org/pub/security/AST-2017-008.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore --- End Message --- --- Begin Message --- Source: asterisk Source-Version: 1:13.17.2~dfsg-1 We believe that the bug you reported is fixed in the latest version of asterisk, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 876...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernhard Schmidt (supplier of updated asterisk package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 23 Sep 2017 20:41:06 +0200 Source: asterisk Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh323 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-tests asterisk-doc asterisk-dev asterisk-config Architecture: source Version: 1:13.17.2~dfsg-1 Distribution: unstable Urgency: high Maintainer: Debian VoIP Team Changed-By: Bernhard Schmidt Description: asterisk - Open Source Private Branch Exchange (PBX) asterisk-config - Configuration files for Asterisk asterisk-dahdi - DAHDI devices support for the Asterisk PBX asterisk-dev - Development files for Asterisk asterisk-doc - Source code documentation for Asterisk asterisk-mobile - Bluetooth phone support for the Asterisk PBX asterisk-modules - loadable modules for the Asterisk PBX asterisk-mp3 - MP3 playback support for the Asterisk PBX asterisk-mysql - MySQL database protocol support for the Asterisk PBX asterisk-ooh323 - H.323 protocol support for the Asterisk PBX - ooH323c asterisk-tests - internal test modules of the Asterisk PBX asterisk-voicemail - simple voicemail support for the Asterisk PBX asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX asterisk-vpb - VoiceTronix devices support for the Asterisk PBX Closes: 876328 Changes: asterisk (1:13.17.2~dfsg-1) unstable; urgency=high . * New upstream version 13.17.2~dfsg - CVE-2017-14603 / AST-2017-008 This is a follow-up for AST-2017-005: RTP/RTCP information leak improving robustness of the security fix and fixing a regression with re-INVITEs (Closes: #876328) Checksums-Sha1: ef0627eddbf392c2780648a5a57759b4446fbb51 4268 asterisk_13.17.2~dfsg-1.dsc ab66abe155fa42e6e53ef3db54a8319d31acf3f9 6229408 asterisk_13.17.2~dfsg.orig.tar.xz 9cbffc2c2aaadcdce87814235fc0670bf8d7589d 168464 asterisk_13.17.2~dfsg-1.debian.tar.xz 4226c68da4a5dd5ce91d3e47e6f13db9b0264710 27353 asterisk_13.17.2~dfsg-1_amd64.buildinfo Checksums-Sha256: 9554380b8410b7c74e99259f08200f2965eea05574d7224fc7ecd4ba506d4e68 4268 asterisk_13.17.2~dfsg-1.dsc 64cb6072183cfa635db56206bf7ba1dd761d7e067eaa83edbc23fb3c870bd086 6229408 asterisk_13.17.2~dfsg.orig.tar.xz 1641303bbe2fc4ff099d81a126c4fdcb0cc1674939d1234ac422beb30b06 168464 asterisk_13.17.2~dfsg-1.debian.tar.xz